Add a new version of the patch committed in r468197 that fixes a regression

introduced by that version. PR: 223587 Submitted by: Todd C. Miller <Todd.Miller@sudo.ws> Reported by: vas@mpeks.tomsk.su Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=831 MFH: 2018Q2 Sponsored by: Rubicon Communications, LLC (Netgate)
author: Renato Botelho <garga@FreeBSD.org> 2018-04-24 16:52:48 +0000
committer: Renato Botelho <garga@FreeBSD.org> 2018-04-24 16:52:48 +0000
commit: f01f10327d2375f92313b240049ba66b889d1e88 (patch)
tree: 8451071147a41dd82b17466a4fcaca583f7f60c9 /security/sudo
parent: 383d5adb7763a039ff2e9bac95b166dc91a9dcbb (diff)
download: ports-f01f10327d2375f92313b240049ba66b889d1e88.tar.gz
ports-f01f10327d2375f92313b240049ba66b889d1e88.zip
2 files changed, 147 insertions, 34 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index 70ba0f67342c..9cc204bf42f2 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	sudo
 PORTVERSION=	1.8.22
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security
 MASTER_SITES=	SUDO
 
diff --git a/security/sudo/files/patch-plugins_sudoers_match.c b/security/sudo/files/patch-plugins_sudoers_match.c
index 7e1a43a4cbf2..ecbe047d68c1 100644
--- a/security/sudo/files/patch-plugins_sudoers_match.c
+++ b/security/sudo/files/patch-plugins_sudoers_match.c
@@ -1,17 +1,15 @@
---- plugins/sudoers/match.c.orig	2018-04-24 10:49:39 UTC
-+++ plugins/sudoers/match.c
-@@ -1,5 +1,5 @@
+--- plugins/sudoers/match.c	Mon Jan 15 10:31:56 2018 -0700
++++ plugins/sudoers/match.c	Tue Apr 24 09:49:28 2018 -0600
+@@ -1,5 +1,5 @@ 
  /*
 - * Copyright (c) 1996, 1998-2005, 2007-2017
 + * Copyright (c) 1996, 1998-2005, 2007-2018
   *	Todd C. Miller <Todd.Miller@sudo.ws>
   *
   * Permission to use, copy, modify, and distribute this software for any
-@@ -446,32 +446,22 @@ do_stat(int fd, const char *path, struct stat *sb)
-     debug_return_bool(stat(path, sb) == 0);
+@@ -447,31 +447,20 @@ do_stat(int fd, const char *path, struct
  }
  
-+#ifdef HAVE_FEXECVE
  /*
 - * On systems with fexecve(2), set the close-on-exec flag on the file
 - * descriptor only if the file is not a script.  Because scripts need
@@ -47,45 +45,124 @@
  }
  
  /*
-@@ -500,10 +490,36 @@ open_cmnd(const char *path, const struct sudo_digest *
+@@ -500,16 +489,57 @@ open_cmnd(const char *path, const struct
      if (fd == -1)
  	debug_return_bool(false);
  
 -    set_cloexec(fd);
-+    if (is_script(fd)) {
-+	char fdpath[PATH_MAX];
-+	struct stat sb;
++    (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
+     *fdp = fd;
+     debug_return_bool(true);
+ }
+ 
++static void
++set_cmnd_fd(int fd)
++{
++    debug_decl(set_cmnd_fd, SUDOERS_DEBUG_MATCH)
++
++    if (cmnd_fd != -1)
++	close(cmnd_fd);
 +
-+	/* We can only use fexecve() on a script if /dev/fd/N exists. */
-+	snprintf(fdpath, sizeof(fdpath), "/dev/fd/%d", fd);
-+	if (stat(fdpath, &sb) != 0) {
++    if (fd != -1) {
++	if (def_fdexec == never) {
++	    /* Never use fexedcve() */
 +	    close(fd);
-+	    debug_return_bool(true);
-+	}
++	    fd = -1;
++	} else if (is_script(fd)) {
++	    char fdpath[PATH_MAX];
++	    struct stat sb;
++	    int flags;
 +
-+	/*
-+	 * Shell scripts go through namei twice so we can't set the
-+	 * close on exec flag on the fd for fexecve(2).
-+	 */
-+    } else {
-+	/* Not a script, close on exec is safe. */
-+	(void)fcntl(fd, F_SETFD, FD_CLOEXEC);
++	    /* We can only use fexecve() on a script if /dev/fd/N exists. */
++	    snprintf(fdpath, sizeof(fdpath), "/dev/fd/%d", fd);
++	    if (stat(fdpath, &sb) != 0) {
++		/* Missing /dev/fd file, can't use fexecve(). */
++		close(fd);
++		fd = -1;
++	    } else {
++		/*
++		 * Shell scripts go through namei twice so we can't have the
++		 * close on exec flag set on the fd for fexecve(2).
++		 */
++		flags = fcntl(fd, F_GETFD) & ~FD_CLOEXEC;
++		(void)fcntl(fd, F_SETFD, flags);
++	    }
++	}
 +    }
 +
-     *fdp = fd;
-     debug_return_bool(true);
- }
-+#else /* HAVE_FEXECVE */
-+static bool
-+open_cmnd(const char *path, const struct sudo_digest *digest, int *fdp)
-+{
-+    return true;
++    cmnd_fd = fd;
++
++    debug_return;
 +}
-+#endif /* HAVE_FEXECVE */
- 
++
  static bool
  command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args,
-@@ -728,6 +744,7 @@ digest_matches(int fd, const char *file, const struct 
+     const struct sudo_digest *digest)
+ {
+     struct stat sb; /* XXX - unused */
++    int fd = -1;
+     debug_decl(command_matches_fnmatch, SUDOERS_DEBUG_MATCH)
+ 
+     /*
+@@ -522,30 +552,22 @@ command_matches_fnmatch(const char *sudo
+     if (fnmatch(sudoers_cmnd, user_cmnd, FNM_PATHNAME) != 0)
+ 	debug_return_bool(false);
+     if (command_args_match(sudoers_cmnd, sudoers_args)) {
+-	if (cmnd_fd != -1) {
+-	    close(cmnd_fd);
+-	    cmnd_fd = -1;
+-	}
+ 	/* Open the file for fdexec or for digest matching. */
+-	if (!open_cmnd(user_cmnd, digest, &cmnd_fd))
++	if (!open_cmnd(user_cmnd, digest, &fd))
+ 	    goto bad;
+-	if (!do_stat(cmnd_fd, user_cmnd, &sb))
++	if (!do_stat(fd, user_cmnd, &sb))
+ 	    goto bad;
+ 	/* Check digest of user_cmnd since sudoers_cmnd is a pattern. */
+-	if (digest != NULL) {
+-	    if (!digest_matches(cmnd_fd, user_cmnd, digest))
+-		goto bad;
+-	    if (def_fdexec == never) {
+-		close(cmnd_fd);
+-		cmnd_fd = -1;
+-	    }
+-	}
++	if (digest != NULL && !digest_matches(fd, user_cmnd, digest))
++	    goto bad;
++	set_cmnd_fd(fd);
++
+ 	/* No need to set safe_cmnd since user_cmnd matches sudoers_cmnd */
+ 	debug_return_bool(true);
+ bad:
+-	if (cmnd_fd != -1) {
+-	    close(cmnd_fd);
+-	    cmnd_fd = -1;
++	if (fd != -1) {
++	    close(fd);
++	    fd = -1;
+ 	}
+ 	debug_return_bool(false);
+     }
+@@ -673,16 +695,7 @@ done:
+     if (cp != NULL) {
+ 	if (command_args_match(sudoers_cmnd, sudoers_args)) {
+ 	    /* safe_cmnd was set above. */
+-	    if (cmnd_fd != -1) {
+-		close(cmnd_fd);
+-		cmnd_fd = -1;
+-	    }
+-	    if (fd != -1) {
+-		if (def_fdexec == never)
+-		    close(fd);
+-		else
+-		    cmnd_fd = fd;
+-	    }
++	    set_cmnd_fd(fd);
+ 	    debug_return_bool(true);
+ 	}
+     }
+@@ -728,6 +741,7 @@ digest_matches(int fd, const char *file,
      debug_decl(digest_matches, SUDOERS_DEBUG_MATCH)
  
      file_digest = sudo_filedigest(fd, file, sd->digest_type, &digest_len);
@@ -93,3 +170,39 @@
      if (file_digest == NULL) {
  	/* Warning (if any) printed by sudo_filedigest() */
  	goto done;
+@@ -826,16 +840,7 @@ command_matches_normal(const char *sudoe
+ 	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ 	goto bad;
+     }
+-    if (cmnd_fd != -1) {
+-	close(cmnd_fd);
+-	cmnd_fd = -1;
+-    }
+-    if (fd != -1) {
+-	if (def_fdexec == never)
+-	    close(fd);
+-	else
+-	    cmnd_fd = fd;
+-    }
++    set_cmnd_fd(fd);
+     debug_return_bool(true);
+ bad:
+     if (fd != -1)
+@@ -921,16 +926,7 @@ command_matches_dir(const char *sudoers_
+     closedir(dirp);
+ 
+     if (dent != NULL) {
+-	if (cmnd_fd != -1) {
+-	    close(cmnd_fd);
+-	    cmnd_fd = -1;
+-	}
+-	if (fd != -1) {
+-	    if (def_fdexec == never)
+-		close(fd);
+-	    else
+-		cmnd_fd = fd;
+-	}
++	set_cmnd_fd(fd);
+ 	debug_return_bool(true);
+     }
+     if (fd != -1)
author	Renato Botelho <garga@FreeBSD.org>	2018-04-24 16:52:48 +0000
committer	Renato Botelho <garga@FreeBSD.org>	2018-04-24 16:52:48 +0000
commit	f01f10327d2375f92313b240049ba66b889d1e88 (patch)
tree	8451071147a41dd82b17466a4fcaca583f7f60c9 /security/sudo
parent	383d5adb7763a039ff2e9bac95b166dc91a9dcbb (diff)
download	ports-f01f10327d2375f92313b240049ba66b889d1e88.tar.gz ports-f01f10327d2375f92313b240049ba66b889d1e88.zip